Sentinel & Log Analytics – How to Create Incidents to Test with – Part 2 – The Automation Rule

Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution: Part 2 of "How do I create incidents to test with?" Today we look at the automation rule and how we can use it to trigger our Playbook or other automation that needs to be tested.

Posted on 7:35 am
AzureTracks Azure News Update

Azure Updates – Number 48 – October 8, 2022

With Microsoft Ignite 2022 coming next week, I’ll have all the updates for Azure Infrastructure and Microsoft Sentinel here at the end of the week, once the Ignite Book of News is published! Now for our regularly scheduled Azure News update: a summary of Azure News that includes updates released by Microsoft Azure related to Azure, Architecture, Compute, and Sentinel topics. I’ll provide links to all the resource updates with each item. Hopefully this will save you some time digging around to find recent releases and changes. Published October 07, 2022.

Posted on 9:30 am

Set Log Analytics Workspace Data Cap

Let’s take a look at setting data ingestion caps in an Azure Log Analytics workspace today. There are different reasons why we may want to limit the data coming into our storage account; today we look at both setting the data cap and alerting us, through Azure Monitor alerting, when that data cap is reached.

Posted on 9:35 am